Exiting ClashMeta does not clear iptables #43

Closed
ghost opened this issue Apr 19, 2022 · 5 comments


ghost commented Apr 19, 2022

Exiting with Ctrl + C clears iptables;
closing the terminal window directly does not.

systemctl stop clash-meta clears them.
systemctl disable --now clash-meta does not.

Collaborator

Adlyq commented Apr 19, 2022

@yourxx Isn't that perfectly reasonable?

@MarksonHon

@yourxx You shot the process dead, so how could it still clear the firewall rules for you?


vj23456 commented Apr 19, 2022

@MarksonHon You killed me, and I'm still supposed to bury myself.

Skyxim closed this as completed Apr 19, 2022
Skyxim reopened this Apr 19, 2022
Author

ghost commented Apr 19, 2022

The cleanup is not very thorough; sometimes it is thorough, and the leftover rules are often different each time.

root@ubuntu-desktop:~# systemctl stop clash
root@ubuntu-desktop:~# systemctl start clash
root@ubuntu-desktop:~# systemctl stop clash
root@ubuntu-desktop:~# iptables-save
# Generated by iptables-save v1.8.4 on Tue Apr 19 13:30:14 2022
*nat
:PREROUTING ACCEPT [2:368]
:INPUT ACCEPT [2:368]
:OUTPUT ACCEPT [2:135]
:POSTROUTING ACCEPT [2:135]
:clash_dns_output - [0:0]
-A PREROUTING ! -s 172.17.0.0/16 ! -d 127.0.0.0/8 -p udp -m udp --dport 53 -j REDIRECT --to-ports 1053
-A PREROUTING ! -s 172.17.0.0/16 ! -d 127.0.0.0/8 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 1053
-A OUTPUT -p udp -m udp --dport 53 -j clash_dns_output
-A OUTPUT -p tcp -m tcp --dport 53 -j clash_dns_output
-A POSTROUTING -o ens160 -m addrtype ! --src-type LOCAL -j MASQUERADE
COMMIT
# Completed on Tue Apr 19 13:30:14 2022
# Generated by iptables-save v1.8.4 on Tue Apr 19 13:30:14 2022
*mangle
:PREROUTING ACCEPT [35:2775]
:INPUT ACCEPT [35:2775]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [28:3516]
:POSTROUTING ACCEPT [28:3516]
:clash_output - [0:0]
:clash_prerouting - [0:0]
-A PREROUTING -j clash_prerouting
-A OUTPUT -o ens160 -j clash_output
COMMIT
# Completed on Tue Apr 19 13:30:14 2022
# Generated by iptables-save v1.8.4 on Tue Apr 19 13:30:14 2022
*filter
:INPUT ACCEPT [35:2775]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [29:3988]
-A FORWARD -o ens160 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o ens160 -j ACCEPT
-A FORWARD -i ens160 ! -o ens160 -j ACCEPT
-A FORWARD -i ens160 -o ens160 -j ACCEPT
COMMIT
# Completed on Tue Apr 19 13:30:14 2022
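
A check for the kind of residue shown in the dump above, as an added example that is not part of the original thread or the project's code. It assumes the chain prefix `clash_` and the DNS redirect port 1053 seen in that dump; the function names `clash_residue` and `sample_dump` are made up for this example.

```shell
#!/bin/sh
# Added example, not project code. Reads iptables-save output on stdin and
# prints "table<TAB>kind<TAB>detail" for every leftover that can be tied to
# Clash.Meta by name. Assumptions (taken from the dump above): chains are
# named clash_*, and DNS is redirected to port 1053 (override with $1).
clash_residue() {
    awk -v port="${1:-1053}" '
        /^\*/      { table = substr($0, 2); next }   # "*nat" opens a table
        /^:clash_/ { printf "%s\tchain\t%s\n", table, substr($1, 2); next }
        /^-A / {
            if ($2 ~ /^clash_/)                       # rule inside a clash chain
                printf "%s\trule\t%s\n", table, $0
            else if ($0 ~ /-j clash_/)                # built-in chain still jumps to it
                printf "%s\tjump\t%s\n", table, $0
            else if ($0 ~ ("--dport 53 .*-j REDIRECT --to-ports " port "$"))
                printf "%s\tdns-redirect\t%s\n", table, $0
        }'
}

# Constructed sample: an excerpt of the iptables-save output posted above.
sample_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [2:368]
:clash_dns_output - [0:0]
-A PREROUTING ! -s 172.17.0.0/16 ! -d 127.0.0.0/8 -p udp -m udp --dport 53 -j REDIRECT --to-ports 1053
-A OUTPUT -p udp -m udp --dport 53 -j clash_dns_output
-A POSTROUTING -o ens160 -m addrtype ! --src-type LOCAL -j MASQUERADE
COMMIT
*mangle
:clash_output - [0:0]
:clash_prerouting - [0:0]
-A PREROUTING -j clash_prerouting
-A OUTPUT -o ens160 -j clash_output
COMMIT
EOF
}

# On a real host, run as root after stopping the service:
#   iptables-save | clash_residue
sample_dump | clash_residue
```

Rules that carry no `clash_` name, such as the MASQUERADE and FORWARD lines in the dump, are not matched by this check; comparing against an `iptables-save` snapshot taken before the service first started covers those.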

Author

ghost commented Apr 19, 2022

...
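interface-name: ens160  # This line can be omitted; the program detects it automatically.
iptables:
  enable: true
  inbound-interface: ens160  # This line must be written.
...

It would be much more convenient if it could also be detected automatically when inbound-interface is not written.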
